Total
8404 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3739 | 1 Https-proxy-agent Project | 1 Https-proxy-agent | 2024-11-21 | N/A |
| https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | ||||
| CVE-2018-3594 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2024-11-21 | N/A |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings. | ||||
| CVE-2018-3579 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read | ||||
| CVE-2018-3569 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | ||||
| CVE-2018-25033 | 2 Admesh Project, Debian | 2 Admesh, Debian Linux | 2024-11-21 | 8.1 High |
| ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. | ||||
| CVE-2018-25013 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||||
| CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||||
| CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||||
| CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||||
| CVE-2018-21270 | 2 Nodejs, Redhat | 2 Node.js, Quay | 2024-11-21 | 6.5 Medium |
| Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). | ||||
| CVE-2018-21233 | 1 Google | 1 Tensorflow | 2024-11-21 | 6.5 Medium |
| TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. | ||||
| CVE-2018-21072 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018). | ||||
| CVE-2018-21016 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.5 Medium |
| audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||||
| CVE-2018-20854 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. | ||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.5 Medium |
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | ||||
| CVE-2018-20783 | 3 Opensuse, Php, Redhat | 4 Leap, Php, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. | ||||
| CVE-2018-20721 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 9.8 Critical |
| URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. | ||||
| CVE-2018-20712 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. | ||||
| CVE-2018-20615 | 4 Canonical, Haproxy, Opensuse and 1 more | 7 Ubuntu Linux, Haproxy, Leap and 4 more | 2024-11-21 | N/A |
| An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. | ||||
| CVE-2018-20591 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. | ||||